96f13a5b9f51f4062b225c6c106b91d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96f13a5b9f51f4062b225c6c106b91d5_JaffaCakes118
Size

158KB
MD5

96f13a5b9f51f4062b225c6c106b91d5
SHA1

49cc85ebe11f044df91f2033963ec476adfc1664
SHA256

b5666e378e7b7f4dc2f4816f06c0cf0aadb8edc8382dd204f8e48f434da6876a
SHA512

02abfe9230f265993025659329ddf10ef23c8767a9322bc88816374817322b4270a70b06a71657db9b9cdf18ff5b8f4f13b60440f1e99ef0cb0557597a0ec2bb
SSDEEP

3072:RgGYgrGa38Umrp5eu4UtS3Kcg6YYi2DqeDTEe:RygrB3P9BYYi2q2TEe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96f13a5b9f51f4062b225c6c106b91d5_JaffaCakes118

Files

96f13a5b9f51f4062b225c6c106b91d5_JaffaCakes118
.exe windows:1 windows x86 arch:x86

bddbb55f63b9daa6d16b4fcaeb9dcda4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
SetFilePointer
GetLastError
VirtualFree
IsBadReadPtr
ExitThread
lstrcpynA
GetFileType
ResumeThread
GetProcessAffinityMask
EnterCriticalSection
TlsSetValue
OpenProcess
FindClose
GetStartupInfoA
MapViewOfFile
WideCharToMultiByte
GetExitCodeThread
GetEnvironmentStrings
MultiByteToWideChar
GetCurrentProcessId
FileTimeToLocalFileTime
WriteConsoleW
HeapCreate
GetConsoleOutputCP
QueryPerformanceCounter
WriteFile
GetStdHandle
GetConsoleMode
GetEnvironmentStringsW
lstrcpyA
GetModuleHandleW
SetErrorMode
ExpandEnvironmentStringsA
GetTimeFormatA
TlsAlloc
InterlockedDecrement
GetACP
SetUnhandledExceptionFilter
CreateProcessA
SetHandleCount
GetCurrentThreadId
GetComputerNameW
lstrlenA
HeapSize
WriteConsoleA
IsBadStringPtrA
lstrcatA
RaiseException
CreateThread
GlobalMemoryStatus
ReadFile
GetStringTypeA
SearchPathA
GetEnvironmentVariableA
SetPriorityClass
CreateFileA
TerminateThread
WaitForMultipleObjects
GetProcAddress
FreeEnvironmentStringsA
LocalAlloc
SetLastError
FreeEnvironmentStringsW
GetSystemDirectoryA
HeapAlloc
SetStdHandle
GetProcessHeap
GetCurrentThread
DeviceIoControl
WaitForSingleObject
SizeofResource
GetLocaleInfoA
GlobalLock
GetModuleHandleA
RtlUnwind
CreateFileMappingA
GetOEMCP
CreateEventA
LockResource
SetProcessWorkingSetSize
GlobalAddAtomA
GetCurrentDirectoryA
FreeLibrary
LCMapStringA
DeleteFileA
GetSystemTimeAsFileTime
GetConsoleCP
PulseEvent
lstrcmpA
OpenEventA
ExitProcess

msvcrt

fflush
_popen
memcpy
_strnset
strcmp
ungetc
_close
_fstati64
ldexp
_mbsnicmp
_adj_fdiv_m32
mblen
towupper
_wctime
bsearch
_controlfp
iswalnum
_mbsnextc
_ismbcupper
_adjust_fdiv
_setsystime
_except_handler3
_memccpy
_set_error_mode
_ismbcalpha
isupper
_mbscmp
_snprintf
_cabs
_stricmp
_getdllprocaddr
_wfullpath
_wfdopen
_ismbcprint
_initterm
_wgetenv
_filelengthi64
__setusermatherr
_spawnv
_beginthread
iswupper
_atoldbl
memset
_fcvt
_ismbbkana
_getwche
_wexecle
atan
_strnicoll
_commode
pow
_statusfp
_mbsncoll
clock
strcspn
_fgetwchar
_acmdln
_inp
gets
getchar
_winminor
_findnext
_execlp
__p__commode
_adj_fdiv_m64
_wexecv
_outp
feof
_get_heap_handle
tmpfile
_searchenv
fgetpos
atan2
_XcptFilter
abort
_safe_fdiv
_wcstoi64
iswascii
isalpha
_sleep
_chdrive
putwchar
_inpw
_ungetch
_wcmdln
_unlock
log
_fdopen
_wexeclp
sinh
strtok
fwscanf
exit
_mbsnicoll
_resetstkoflw
isalnum
_tolower
fread
_mbctolower
fputws
_control87
_wcsrev
_exit
_wcreat
_strncoll
_mbsspnp
wcscpy
tanh
floor
_lseeki64
__getmainargs
_amsg_exit
_mbcasemap
_pipe
_wstrtime
_wexecl
_ungetwch
_wspawnlp
_cgets
_wcsnicmp
_strtime
wcsncpy
_dup
_stat64
_callnewh
_wsplitpath
_filelength
_adj_fpatan
_mbscpy
__set_app_type
strstr
_beginthreadex
_atodbl
_sopen
_ismbcgraph
__p__fmode
fgets
isleadbyte

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bddbb55f63b9daa6d16b4fcaeb9dcda4

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 512B - Virtual size: 85B

.rsrc Size: 512B - Virtual size: 284B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 512B - Virtual size: 85B

.rsrc
Size: 512B - Virtual size: 284B